<?php
// LFI


$authorized_dir=array('esprit', 'archives', 'coding', 'sysadm', 'crypto', 'reseau');
$files_dir="files";
if (isset($_GET["files"])) $files=$_GET["files"];
else if (!isset($_GET["files"]) || !in_array($files,$authorized_dir)) $files="apps";



$aff= '<html>
       <body>
	  <h1>File viewer v 0.01</h1><span id="mnenu"/>';

if (file_exists($files_dir)){
    $d=opendir($files_dir);  
    while ($file = readdir($d)) {
	  if ($file[0] == ".") { } 
	  else {
	      $aff.= "&nbsp;|&nbsp;<span><a href=\"?files=$file\">";
	      if ($file==$files) $aff.= "<b>$file</b>";
	      else $aff.= "$file";
	      $aff.= "</a></span>";
	  }
    }

    $aff.="&nbsp;|<span style='text-align: right; float:right;'>Connected as : <b>guest</b>&nbsp;|&nbsp;<a href=\"admin/\">admin</a></span><br/><hr/>";
    closedir($d);
}


$full_path=realpath($files_dir."/".$files);
if (file_exists($full_path)){
    $aff.='<table id="content">';
    $aff.='<tr><td style="vertical-align: top;">';

    $d=opendir($full_path);
    while ($file = readdir($d)) {
	  if ($file[0] == ".") { } 
	  else {
	      $aff.= '<a href="?files='.$files."&f=".$file.'" ><img width="32px" height="32px" src="text.gif" alt="'.$file.'">'.$file.'</a><br/>';
	  }
    }

    $aff.='</td><td style="vertical-align: top;">';

    if (isset($_GET["f"]) && $_GET["f"]!=""){

	$lfi_path=$full_path."/".$_GET["f"];
	$secured_path=realpath($lfi_path);
	$aff.= "<h3>File : ".htmlentities($_GET["f"])."</h3>";
	$aff.= "<hr/><pre>";
	$aff.= htmlentities(file_get_contents($secured_path));
	$aff.= "</pre><hr/>";

	
    }

    $aff.='</td></tr></table>';


}




$aff.="</body></html>";
echo $aff;


?>